Information Security Policy
This policy addresses how Winter, Jülg und Gellweiler - Software Engineering GbR handles security requirements.
This policy reasonably adheres to industry standards and best practices and reasonably provides safeguards against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access to covered data. It is designed to provide a consistent application of security policy and controls for Winter, Jülg und Gellweiler - Software Engineering GbR, and all Winter, Jülg und Gellweiler - Software Engineering GbR customers.
Protection of Winter, Jülg und Gellweiler - Software Engineering GbR proprietary software shall be addressed to ensure the continued availability of data and programs to all authorized parties and to ensure the integrity and confidentiality of impacted data and configuration controls.
All code should be managed through a version control system to allow viewing of change history and content. All web and cloud applications should be based on secure coding best practices. At a minimum, prevention of common coding vulnerabilities in software development processes should be covered, including the following:
- Broken Authentication
- Sensitive Data Exposure
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
Only Deidentified and Strongly Pseudonymized Data should be used for testing and/or development. Test data and accounts must be removed before production systems become active. Change control procedures should be followed for all changes to system components. The procedures should include testing of operational functionality.
Availability and Redundancy
We host all of our cloud applications with AWS. Their data centers have been designed and optimized to host applications, have multiple levels of redundancy built in, and run on a separate front-end hardware node on which application data is stored.
Our Atlassian Plugins are hosted with Amazon Web Services (AWS), the industry-leading cloud hosting provider, resulting in optimal performance with redundancy and failover options globally.
Business Continuity Plan
The aim of this plan is to provide a reference tool for the actions required during or immediately following an emergency or incident that threatens to disrupt normal business activities. An emergency is an actual or impending situation that may cause injury, loss of life, or destruction of property, or may interfere with, cause the loss of, or disrupt an organization’s normal business operations to such an extent that it poses a threat. An incident is any event that may be, or may lead to, a business interruption, disruption, loss, and/or crisis. The plan will help to ensure the continuation of business-critical services by minimizing the impact of any damage to staff, premises, equipment, or records.
The plan will include an adequate level of detail to maintain the business and:
* To ensure a prepared approach to an emergency/incident.
* To facilitate an organized and coordinated response to an emergency/incident.
* To provide an agreed framework within which people can work in a concerted manner to solve problems caused by an emergency/incident.
The plan will also help to identify actions that could be taken in advance of an emergency or incident to reduce the risk of it happening.
As the plan contains personal data, we keep it confidential.